问题描述
我使用ASP.NET MVC 3,我试图做一些事情,应该是真的直线前进......
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
我的应用程序使用Forms身份验证和为控制器/动作可以正常使用。例如,如果我不是装点控制器或Administrators组的成员仅低于属性的动作可以查看它们:
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
不过,我有在默认脚本文件夹文件夹,名为管理员。我只希望Administrators组的成员才能够在这个目录中访问的脚本,所以我创建与目录中的新的web.config里面以下内容:
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrators"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
不过无论用户是否是管理员组的成员,或者不是他们收到302 Found消息,然后被重定向到登录页面。
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
如果我改变web.config中允许用户=*
然后它工作。它也可以,如果我添加一个允许用户=用户名
,因为我与测试一个特定的用户。
If I change the web.config to allow user="*"
then it works. It also works if I add an allow users="Username"
for a specific user I am testing with.
这是我要去哪里错了,或在那里我可以开始调查任何想法?
Any ideas on where I'm going wrong or where I could start investigating?
推荐答案
你有 RoleManager 添加到您的的web.config 默认Scripts文件夹
东西如下
Do you have RoleManager added into your web.config in default Scripts foldersomething as below
system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx"
name=".ASPXFORMSAUTH" />
</authentication>
<roleManager defaultProvider="SqlProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All" >
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlServices"
applicationName="SampleApplication" />
</providers>
</roleManager>
</system.web>
这篇关于角色身份验证使用作品的授权属性,但不是通过在web.config中的授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!